Lucene search

RedhatCVE-2010-5091

HistoryAug 26, 2012 - 6:55 p.m.

CVE-2010-5091

2012-08-2618:55:01

CWE-94

redhat

web.nvd.nist.gov

cve-2010-5091

silverstripe

file.php

remote code execution

cms

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.009

Percentile

83.2%

JSON

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.

Affected configurations

Nvd

Node

silverstripesilverstripeMatch2.3.0

silverstripesilverstripeMatch2.3.0rc1

silverstripesilverstripeMatch2.3.0rc2

silverstripesilverstripeMatch2.3.0rc3

silverstripesilverstripeMatch2.3.1

silverstripesilverstripeMatch2.3.1rc1

silverstripesilverstripeMatch2.3.1rc2

silverstripesilverstripeMatch2.3.2

silverstripesilverstripeMatch2.3.3

silverstripesilverstripeMatch2.3.4

silverstripesilverstripeMatch2.3.5

silverstripesilverstripeMatch2.3.6

silverstripesilverstripeMatch2.3.7

silverstripesilverstripeMatch2.4.0

VendorProductVersionCPE
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*
silverstripesilverstripe2.3.1cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
silverstripesilverstripe2.3.1cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*
silverstripesilverstripe2.3.1cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*
silverstripesilverstripe2.3.2cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
silverstripesilverstripe2.3.3cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*
silverstripesilverstripe2.3.4cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:::::::*
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1::::::
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2::::::
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3::::::
silverstripe	silverstripe	2.3.1	cpe:2.3:a:silverstripe:silverstripe:2.3.1:::::::*
silverstripe	silverstripe	2.3.1	cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1::::::
silverstripe	silverstripe	2.3.1	cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2::::::
silverstripe	silverstripe	2.3.2	cpe:2.3:a:silverstripe:silverstripe:2.3.2:::::::*
silverstripe	silverstripe	2.3.3	cpe:2.3:a:silverstripe:silverstripe:2.3.3:::::::*
silverstripe	silverstripe	2.3.4	cpe:2.3:a:silverstripe:silverstripe:2.3.4:::::::*

Rows per page:

1-10 of 141

References

dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt

doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8

doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1

open.silverstripe.org/changeset/107273

open.silverstripe.org/ticket/5693

www.openwall.com/lists/oss-security/2012/04/30/1

www.openwall.com/lists/oss-security/2012/04/30/3

www.openwall.com/lists/oss-security/2012/05/01/3

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.009

Percentile

83.2%

JSON

Related for CVE-2010-5091